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TECHNICAL MEMORANDUM X-53664 


SYSTEMS SAFETY CRITERIA FOR USE IN 
PREPARATION OR REVIEW OF PROCEDURES 

SUMMARY 


Suggested checklists for insuring systems safety features for the preparation 
or review of procedures are given for various areas of launch, operating, test, 
checkout, maintenance, handling, calibration, and ordnance procedures for 
space vehicles. 


INTRODUCTION 


This handbook is a checklist for those preparing or reviewing procedures 
such as those outlined in Apollo Program Directive 26-A. Its use during the 
preparation of procedures will materially assist the writer, save time, and help 
ensure the production of an adequate procedure. 

Poorly written or unclear procedures are one of the major causes of acci- 
dents and incidents in space vehicle operation. Investigations of numerous inci- 
dents show that just such procedures were being used. In other cases, procedures 
did not exist at all. 

Inadequate procedures represent as great a threat to space vehicle safety 
as do faulty hardware and careless work. A well-prepared procedure leaves no 
doubt in the mind of the person following it. Nothing is left to imagination or 
guess. Values and units are spelled out, and no step is omitted because it is 
"obvious. " Instructions are clear and concise and the use of special test equip- 
ment is specified when required. A proper procedure is one that has been 
authenticated by a responsible individual and checked out against the hardware 
for which it is intended. 


GENERAL 


Typical procedures for which these checklists are applicable include: 

* Launch Checkout Calibration 

Operating Maintenance Ordnance 

Test Handling Other 

The following areas of such procedures should be given particular 
attention: 

A - Correlation between procedures and hardware 
B - Adequacy of the procedure 

C - Accuracy of the procedure 

D - Adequacy and accuracy of the supporting documentation 
E - Securing provisions 
F - Backout provisions 
G - Emergency measures 
H - Caution and warning notes 

I - Requirements for communications and instrumentation 

J - Sequence-of -events considerations 

K - Environmental considerations (natural and induced) 

L - Personnel qualification statements 

M - Interfacing hardware and procedures noted 
N - Procedure sign-off 
O - General requirements 

Suggested checklists for each of these areas are included in the following 

pages. 

* Includes: Count Down Demonstration Test (CDDT) 

Flight Readiness TEST ( FRT) 

Count Down ( CD) 
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SOME SUGGESTED CHECKLISTS 


On the following pages are checklists which are suggested for use to 
ensure that safety criteria are adequately covered in the preparation and 
review of all procedures. 

Additions or other changes to these proposed lists would be appreciated 
by the author. They should be sent to Dr. P. T. Farish, Marshall Space 
Flight Center (I-RM-F), Huntsville, Alabama, 35812 
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Correlation Between Procedures and Hardware 


Does the procedure contain a statement as to the hardware 
configuration against which it was written? 

Does the procedure contain a revision sheet that identifies 
each change to the procedure by paragraph number, the 
authority for each change ( ECP, etc. ) } and a master 
revision letter (number) ? 

Does the procedure revision sheet provide for a notation 
of the date and the change number by which hardware 
changes were incorporated in the system that the pro- 
cedure control ? 


Adequacy of the Procedure 


1 - Is the procedure clear and cone is e? 


2 - Is the procedure free from ambiguity which could lead 

to wrong dec is ions ? __ 

3 - Have the calibration requirements been clearly defined? __ 

4 - Have critical redline parameters been clearly defined? __ 

5 - Have corrective controls for these parameters been 

clearly defined? __ 

6 - Have torque values been specified? _ 

l - Are operating limits of relief valves and rupture discs 

specified? _ 

8 - Are approved bonding and grounding methods for electrical 

equipment specified? _ 

9 - Are such items as pressure limits, tie downs, safety 

distances, or hazards peculiar to this operation 

clearly defined? _ 
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Accuracy of the Procedure 


1 - Has the ability of this procedure to accomplish its 

specified purpose been verified? 

2 - Are all gages, controls, valves, etc. , which are called 

out in this procedure described and labeled exactly as they 
actually are? 

3 - Are all redline limits on gages, etc. , limited as they 

are in this procedure? 

4 - Are the redline limitations in this procedure exactly 

what they should be? 
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Adequacy and Accuracy of the Supporting Documentation 


1 - Are all supporting drawings, reports, etc. , listed in 
this procedure? 


2 - Are all interfacing procedures listed in this procedure? 
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Securing Provisions 


1 - Does the procedure contain adequate securing instructions 

for shutdown of stage, GSE, and facilities to return the 
hardware to safe standby conditions? 

2 - Do the securing instructions contain step-by-step 

operations? 
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Backout Provisions 


Can this procedure put the stage or vehicle in a condition 
which could be dangerous? 

If so, does this procedure contain emergency shutdown 
or backout procedures either in an appendix to the 
procedure or as an integral part of the procedure? 

Is the backout procedure or instructions for its use 
included at the proper place in the basic procedure? 


Emergency Measures 


1 - Does the procedure identify possible emergency conditions 
and clearly state the proper reactions to them? 


2 - Is a pre-test briefing on possible hazards included in the 
procedure? 


3 - Are the emergency procedures to be used referenced in 
the correct place in the text prior to initiation of the 
hazardous operation? 


4 - Are the emergency procedures specific and detailed 
step-by-step? 


5 - Do the shutdown instructions cover all systems involved 

such as facilities , GSE, and stage? 

6 - Does the procedure specify the requirements for an 

emergency team for accident recovery, troubleshooting, 
or investigative purposes where necessary , and describe 
the conditions under which the emergency team will be 
used? 


7 - Does the procedure describe the conditions under which 
the emergency team will be restricted from access to 
a hazardous area? 


10 


8 - Does the procedure specify the equipment which must be 

available for emergency use? 

9 - Does the procedure consider interfaces in shutdown 

procedures? 

10 - Does the procedure call out the necessity and method 

for alerting support functions in the event of an 
emergency? 

11 - Does the procedure require that the emergency crew 

be pre-drilled in the emergency procedures? 


Caution and Warning Notes 


1 - Have caution and warning notes been included in all 

possible cases leading to hazards? 

2 - Do the cautions and warnings precede the hazardous 

events ? 

3 - Are they adequate to describe the potential hazard? 

4 - Are they separate entries with distinctive bold type? 

5 - Do they include emergency crew control if needed at 

specific required steps in the test? 

6 - Are human-induced hazards identified and described by 

cautions and warnings? 


Requirements for Communications and Instrumentation 


i - Are all modes of checkout requiring communication 

between stations properly covered by detailed pre-planned 
callout for emergency operation, alerting, shutdown,and 
personnel evacuation or control? 


2 - Will loss of communications create a hazard to the 
hardware? 


3 - Has an alternate means of communication been provided? 

4 - Are the alternate means specified in the text of the 

procedure? 


5 - Are the above situations flagged by cautions and 
warnings? 


6 - Are all communications , including those which are 

relayed, verified to assure acknowledgement of message 
and/or proper response? 


7 - Will the loss of control or monitoring capability of 
critical functions create a hazard to the hardware? 


8 - Has an alternate means been provided to regain control 
or monitoring of the function via alternate circuits? 
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9 - Are the alternate means detailed in the text of the 
procedure? 

10 - Are the above situations flagged by cautions and 

warnings? 

11 - Are specialized sensors or gages required? 

12 - Are there redlines on any of the monitored parameters? 

13 - Have corrective actions been specified for use when the 

redline is exceeded? 
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S eq u ence-of- Events Considerations 


1 - Can any operation in the procedure initiate an 
unscheduled or out-of-sequence event? 


2 - Could it induce a hazardous condition? 


3 - Is it identified by warnings or cautions? 


4 - Is it covered by emergency shutdown and backout 
procedures? 


5 - Are all sequenced steps prescribed in the procedure 

sequenced properly and such that they will not contribute to 
or create a hazard to the hardware? 


6 - Have all steps which, if performed out -of -sequence, 
could cause a hazard been identified and flagged? 


7 - Have all non -compatible simultaneous operations been 
described in detail? 


8 - Have these been prohibited by positive callout or 

separation in step-by-step inclusion within the text 
of the procedure? 


L 
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Environmental Considerations (Natural and Induced) 


1 - Have environmental requirements been specified which 

constrain the initiation of the procedure or which would 
require shutdown of the test, once in progress? 

2 - Have the induced environments (toxic or explosive 

atmospheres, etc.) been considered? 
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Personnel Qualification Statements 


1 - Does the procedure contain a statement relative to the 

qualification of test personnel? 

2 - Is there a requirement for personnel certification? 

3 - Does the procedure require the test conductor to check 

the certification of his personnel? 
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Interfacing Hardware and Procedures Noted 


1 - Have all interfaces been described by detailed callout? 

2 - Have interfacing operating procedures been drawn up 

to ready equipment? 

3 - Where more than one contractor is involved in an 

operation, have proper liaison and areas of responsibility 
been established? 


18 



Procedure Sign-Off 


Has the procedure been signed off by the proper 
personnel ? 


General Requirements 


1 - Are the procedures set up such as to discourage a shift 

change during a test? 

2 - Where shift changes are necessary does the procedure 

require a shift overlap and briefing of the new crew? 

3 - Do the procedures require time logs to be kept on 

limited-life components? 

4 - Is there mandatory inspection, verification, and system 

validation required whenever the procedure requires 
breaking into and reconnecting a system? 

5 - Do procedures for pre-testing safety and emergency 

equipment prior to the time when it is needed exist 
and are they adequate? 

6 - Do the procedures require walk-through or talk-through 

dry runs? 

7 - Have all safety instructions been spelled out in detail 

to all personnel? 

8 - Do the procedures require that all auxiliary equipment 

and personnel are available and that this be verified? 
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9 - Do the procedures require pre-checks of supporting 
equipment to ensure its compatibility? 

10 - Are general requirements covering unique operational 
equipment correct and valid? 

[ This consists of such items as leak detection systems 
( including sampling rate) , purge systems ( both lines 
and interstage) , vent streams and vent port locations , 
fire protection, and personnel escape route.] 
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